Merge branch 'readme-conventions' of evolix/evocheck into master
Some checks reported errors
continuous-integration/drone/push Build encountered an error
Some checks reported errors
continuous-integration/drone/push Build encountered an error
This commit is contained in:
commit
018b8a3598
63
README.md
63
README.md
|
@ -9,6 +9,69 @@ Some checks can be disabled in the `/etc/evocheck.cf` config file.
|
|||
|
||||
Tests can be run with Vagrant and the provided `VagrantFile`.
|
||||
|
||||
## How to contribute
|
||||
|
||||
Read the CONTRIBUTING.md file.
|
||||
|
||||
Try to respect the following conventions.
|
||||
|
||||
### Use the verbose mode to explain errors
|
||||
|
||||
The `failed` function takes a mandatory first argument for the check name and a secondary optional argument for the message to display in verbose mode. Example :
|
||||
|
||||
```shell
|
||||
test -f /path/to/file || failed "IS_FILE_EXISTS" "Missing file \`/path/to/file'"
|
||||
```
|
||||
|
||||
If the test is in a loop and might yield multiple errors, It's better to print a single error in normal mode and every error in verbose mode.
|
||||
|
||||
```shell
|
||||
for user in $users; do
|
||||
if ! groups "$user" | grep -q adm; then
|
||||
failed "IS_USERINADMGROUP" "User $user doesn't belong to \`adm' group"
|
||||
test "${VERBOSE}" = 1 || break
|
||||
fi
|
||||
done
|
||||
```
|
||||
|
||||
In a single check with multiple conditions, the verbose message helps determine which condition failed. Example :
|
||||
|
||||
```shell
|
||||
if [ "$last_upgrade" -eq 0 ]; then
|
||||
[ "$install_date" -lt "$limit" ] && failed "IS_NOTUPGRADED" "The system has never been updated"
|
||||
else
|
||||
[ "$last_upgrade" -lt "$limit" ] && failed "IS_NOTUPGRADED" "The system hasn't been updated for too long"
|
||||
fi
|
||||
```
|
||||
|
||||
### Use existing predicates
|
||||
|
||||
There are a few predicate functions that help making conditionals.
|
||||
|
||||
For Debian versions : `is_debian`, `is_debian_stretch`, `is_debian_jessie`…
|
||||
For packs : `is_pack_web`, `is_pack_samba`.
|
||||
For installed packages : `is_installed <package> [<package>]`.
|
||||
|
||||
### Extact variables
|
||||
|
||||
It's better not to inline function calls inside tests. Instead of this :
|
||||
|
||||
```shell
|
||||
test "$(stat --format "%a" $MINIFW_FILE)" = "600" || failed "IS_MINIFWPERMS"
|
||||
```
|
||||
|
||||
… prefer that :
|
||||
|
||||
```shell
|
||||
actual=$(stat --format "%a" $MINIFW_FILE)
|
||||
expected="600"
|
||||
test "$expected" = "$actual" || failed "IS_MINIFWPERMS"
|
||||
```
|
||||
|
||||
### Verify assumptions
|
||||
|
||||
It's better to verify that a file, a directory or a command is present before using it, even if it's true in more than 99% of situations.
|
||||
|
||||
## How to build the package for a new Debian release
|
||||
|
||||
On the master branch, add the last stable version with a release tag.
|
||||
|
|
Loading…
Reference in a new issue